TL;DR: This paper proposes a basic idea for the MRSE based on secure inner product computation, and gives two significantly improved MRSE schemes to achieve various stringent privacy requirements in two different threat models and further extends these two schemes to support more search semantics.
Abstract: With the advent of cloud computing, data owners are motivated to outsource their complex data management systems from local sites to the commercial public cloud for great flexibility and economic savings. But for protecting data privacy, sensitive data have to be encrypted before outsourcing, which obsoletes traditional data utilization based on plaintext keyword search. Thus, enabling an encrypted cloud data search service is of paramount importance. Considering the large number of data users and documents in the cloud, it is necessary to allow multiple keywords in the search request and return documents in the order of their relevance to these keywords. Related works on searchable encryption focus on single keyword search or Boolean keyword search, and rarely sort the search results. In this paper, for the first time, we define and solve the challenging problem of privacy-preserving multi-keyword ranked search over encrypted data in cloud computing (MRSE). We establish a set of strict privacy requirements for such a secure cloud data utilization system. Among various multi-keyword semantics, we choose the efficient similarity measure of "coordinate matching," i.e., as many matches as possible, to capture the relevance of data documents to the search query. We further use "inner product similarity" to quantitatively evaluate such similarity measure. We first propose a basic idea for the MRSE based on secure inner product computation, and then give two significantly improved MRSE schemes to achieve various stringent privacy requirements in two different threat models. To improve search experience of the data search service, we further extend these two schemes to support more search semantics. Thorough analysis investigating privacy and efficiency guarantees of proposed schemes is given. Experiments on the real-world data set further show proposed schemes indeed introduce low overhead on computation and communication.
TL;DR: The first quantum homomorphic encryption scheme was proposed in this paper, which allows for arbitrary Clifford group gates, but becomes inefficient for circuits with large complexity, measured in terms of the non-Clifford portion of the circuit.
Abstract: Fully homomorphic encryption is an encryption method with the property that any computation on the plaintext can be performed by a party having access to the ciphertext only. Here, we formally define and give schemes for quantum homomorphic encryption, which is the encryption of quantum information such that quantum computations can be performed given the ciphertext only. Our schemes allow for arbitrary Clifford group gates, but become inefficient for circuits with large complexity, measured in terms of the non-Clifford portion of the circuit (we use the "$\pi/8$" non-Clifford group gate, which is also known as the $T$-gate).
More specifically, two schemes are proposed: the first scheme has a decryption procedure whose complexity scales with the square of the number of $T$-gates (compared with a trivial scheme in which the complexity scales with the total number of gates); the second scheme uses a quantum evaluation key of length given by a polynomial of degree exponential in the circuit's $T$-gate depth, yielding a homomorphic scheme for quantum circuits with constant $T$-depth. Both schemes build on a classical fully homomorphic encryption scheme.
A further contribution of ours is to formally define the security of encryption schemes for quantum messages: we define quantum indistinguishability under chosen plaintext attacks in both the public and private-key settings. In this context, we show the equivalence of several definitions.
Our schemes are the first of their kind that are secure under modern cryptographic definitions, and can be seen as a quantum analogue of classical results establishing homomorphic encryption for circuits with a limited number of multiplication gates. Historically, such results appeared as precursors to the breakthrough result establishing classical fully homomorphic encryption.
TL;DR: Based on hyper-chaotic system, a novel image encryption algorithm is introduced in this article, which can be realized easily in one round diffusion process and is computationally very simple while attaining high security level, high key sensitivity, high plaintext sensitivity and other properties simultaneously.
Abstract: Based on hyper-chaotic systems, a novel image encryption algorithm is introduced in this paper. The advantages of our proposed approach are that it can be realized easily in one round diffusion process and is computationally very simple while attaining high security level, high key sensitivity, high plaintext sensitivity and other properties simultaneously. The key stream generated by hyper-chaotic system is related to the original image. Moreover, to encrypt each pixel, we use the sum of pixels which are located after that pixel. The algorithm uses different summations when encrypting different input images (even with the same sequence based on hyper-chaotic system). This, in turn, will considerably enhance the cryptosystem resistance against known/chosen-plaintext and differential attacks. The change rate of the number of pixels in the cipher-image when only one pixel of the original image is modified (NPCR) and the Unified Average Changing Intensity (UACI) are already very high (NPCR > 99.80233 % and UACI > 33.55484 %). Also, experimental results such as key space analysis, histograms, correlation coefficients, information entropy, peak signal-to-noise ratio, key sensitivity analysis, differential analysis and decryption quality, show that the proposed image encryption algorithm is secure and reliable, with high potential to be adopted for the secure image communication applications.
TL;DR: This paper analyzes the actual cost of attacking TLS implementations that use NIST's Dual EC pseudorandom number generator and shows that Dual EC exploitability is fragile, and in particular is stopped by an outright bug in the certified Dual EC implementation in OpenSSL.
Abstract: This paper analyzes the actual cost of attacking TLS implementations that use NIST's Dual EC pseudorandom number generator, assuming that the attacker generated the constants used in Dual EC. It has been known for several years that an attacker generating these constants and seeing a long enough stretch of Dual EC output bits can predict all future outputs; but TLS does not naturally provide a long enough stretch of output bits, and the cost of an attack turns out to depend heavily on choices made in implementing the RNG and on choices made in implementing other parts of TLS.
Specifically, this paper investigates OpenSSL-FIPS, Windows' SChannel, and the C/C++ and Java versions of the RSA BSAFE library. This paper shows that Dual EC exploitability is fragile, and in particular is stopped by an outright bug in the certified Dual EC implementation in OpenSSL. On the other hand, this paper also shows that Dual EC exploitability benefits from a modification made to the Dual EC standard in 2007; from several attack optimizations introduced here; and from various proposed TLS extensions, one of which is implemented in BSAFE, though disabled in the version we obtained and studied. The paper's attacks are implemented; benchmarked; tested against libraries modified to use new Dual EC constants; and verified to successfully recover TLS plaintext.
TL;DR: It is demonstrated that the number of pixel change rate (NPCR) and the unified average changing intensity (UACI) can satisfy security and performance requirements in one round of diffusion.
Abstract: This paper presents a new image encryption scheme, which consists of two processes: a key stream generation process and a one-round diffusion process. The first part is a pseudo-random key stream generator based on hyper-chaotic systems. The initial conditions for both hyper-chaotic systems are derived using a 256-bit-long external secret key by applying some algebraic transformations to the key. The original key stream is related to the plain-image, which increases the level of security and key sensitivity of the proposed algorithm. The second process employs the image data in order to modify the pixel gray-level values and break the strong correlations between adjacent pixels of an image simultaneously. In this process, the states which are combinations of two hyper-chaotic systems are selected according to the image data itself and are used to encrypt the image. This feature will significantly increase plaintext sensitivity. Moreover, in order to reach higher security and higher complexity, the proposed method employs the image size in the key stream generation process. It is demonstrated that the number of pixel change rate (NPCR) and the unified average changing intensity (UACI) can satisfy security and performance requirements (NPCR > 99.80 %, UACI > 33.56 %) in one round of diffusion. The experimental results reveal that the new image encryption algorithm has the advantages of large key space, high security, high sensitivity, and high speed. Also, the distribution of gray-level values of the encrypted image has a semi-random behavior.
TL;DR: This work studies the privacy requirements in outsourcing SIFT computation and proposes SecSIFT, a high performance privacy-preserving SIFT feature detection system that performs comparably to original SIFT on image benchmarks while capable of preserving the privacy in an efficient way.
Abstract: As the image data produced by individuals and enterprises is rapidly increasing, Scalar Invariant Feature Transform (SIFT), as a local feature detection algorithm, has been heavily employed in various areas, including object recognition, robotic mapping, etc. In this context, there is a growing need to outsource such image computation with high complexity to cloud for its economic computing resources and on-demand ubiquitous access. However, how to protect the private image data while enabling image computation becomes a major concern. To address this fundamental challenge, we study the privacy requirements in outsourcing SIFT computation and propose SecSIFT, a high performance privacy-preserving SIFT feature detection system. In previous private image computation works, one common approach is to encrypt the private image in a public key based homomorphic scheme that enables the original processing algorithms designed for plaintext domain to be performed over ciphertext domain. In contrast to these works, our system is not restricted by the efficiency limitations of homomorphic encryption scheme. The proposed system distributes the computation procedures of SIFT to a set of independent, co-operative cloud servers, and keeps the outsourced computation procedures as simple as possible to avoid utilizing homomorphic encryption scheme. Thus, it enables implementation with practical computation and communication complexity. Extensive experimental results demonstrate that SecSIFT performs comparably to original SIFT on image benchmarks while capable of preserving the privacy in an efficient way.
TL;DR: A new image alternative encryption algorithm is proposed, in which the shuffling and diffusion are performed simultaneously, which has properties of big key space, high sensitivity to key, resisting statistical analysis, differential attacks, plaintext attacks, and chosen-plaintext attacks.
Abstract: In this paper, a new image alternative encryption algorithm is proposed, in which the shuffling and diffusion are performed simultaneously. The plain image is divided into two blocks, left and right, of the same size. The matrix which is generated by a logistic map is used to diffuse the left block of the plain image. Then, the diffused image is used as the right block of the cipher image. The 0/1 sequence which comes from another logistic chaotic sequence and the plaintext is used to shuffle the right block of the cipher image. After the XOR operation, the left block of the cipher image is generated. Finally, the two newly generated blocks are merged into the cipher image. In order to get a better effect for image encryption, this process can be repeated for many rounds. The simulation results show that this algorithm has the properties of a big key space, high sensitivity to the key, and resistance to statistical analysis, differential attacks, plaintext attacks, and chosen-plaintext attacks. So, it has high security and is suitable for image encryption.
TL;DR: It is found that the encryption algorithm can be broken efficiently with only one known plain-image, and the effectiveness of the proposed known-plaintext attack is supported by both rigorous theoretical analysis and experimental results.
Abstract: Recently, an RGB image encryption algorithm based on DNA encoding and a chaos map has been proposed. It was reported that the encryption algorithm can be broken with four pairs of chosen plain-images and the corresponding cipher-images. This paper re-evaluates the security of the encryption algorithm, and finds that the encryption algorithm can be broken efficiently with only one known plain-image. The effectiveness of the proposed known-plaintext attack is supported by both rigorous theoretical analysis and experimental results. In addition, two other security defects are also reported.
TL;DR: This paper defines a general notion for proxy re-encryption (PRE), called deterministic finite automata-based functional PRE (DFA-based FPRE), and proposes the first concrete DFA-based FPRE system, which adapts to the new notion.
Abstract: In this paper, for the first time, we define a general notion for proxy re-encryption (PRE), which we call deterministic finite automata-based functional PRE (DFA-based FPRE). Meanwhile, we propose the first concrete DFA-based FPRE system, which adapts to our new notion. In our scheme, a message is encrypted in a ciphertext associated with an arbitrary-length index string, and a decryptor is legitimate if and only if a DFA associated with his/her secret key accepts the string. Furthermore, the above encryption is allowed to be transformed into another ciphertext associated with a new string by a semi-trusted proxy to whom a re-encryption key is given. Nevertheless, the proxy cannot gain access to the underlying plaintext. This new primitive can increase the flexibility of users to delegate their decryption rights to others. We also prove it to be fully chosen-ciphertext secure in the standard model.
TL;DR: This work presents a thorough investigation of HEVC-CABAC from an encryption standpoint, and an algorithm is devised for conversion of non-dyadic ES to dyadic, which can be concatenated to form plaintext for AES-CFB.
Abstract: This paper presents one of the first methods allowing the protection of the newly emerging video codec HEVC (High Efficiency Video Coding). Visual protection is achieved through selective encryption (SE) of HEVC-CABAC binstrings in a format compliant manner. The SE approach developed for HEVC is different from that of H.264/AVC in several aspects. Truncated rice code is introduced for binarization of quantized transform coefficients (QTCs) instead of truncated unary code. The encryption space (ES) of binstrings of truncated rice codes is not always dyadic and cannot be represented by an integer number of bits. Hence they cannot be concatenated together to create plaintext for the CFB (Cipher Feedback) mode of AES, which is a self-synchronizing stream cipher for so-called AES-CFB. Another challenge for SE in HEVC concerns the introduction of context, which is adaptive to QTC. This work presents a thorough investigation of HEVC-CABAC from an encryption standpoint. An algorithm is devised for conversion of non-dyadic ES to dyadic, which can be concatenated to form plaintext for AES-CFB. For selectively encrypted binstrings, the context of truncated rice code for binarization of future syntax elements is guaranteed to remain unchanged. Hence the encrypted bitstream is format-compliant and has exactly the same bit-rate. The proposed technique requires very little processing power and is ideal for playback on hand held devices. The proposed scheme is acceptable for DRM of a wide range of applications, since it protects the contour and motion information, along with texture. Several benchmark video sequences of different resolutions and diverse contents were used for experimental evaluation of the proposed algorithm. A detailed security analysis of the proposed scheme verified the validity of the proposed encryption scheme for content protection in a wide range of applications.
TL;DR: A new digital image encryption scheme to simulate physical phenomena rather than deliberately create rigid rules is proposed, using the Monte Carlo method to simulate a Brownian motion, thus effectively scrambling the image.
Abstract: Many encryption algorithms are directly based on the matrix transformation or their own definition of strict rules. We try to propose a new digital image encryption scheme to simulate physical phenomena rather than deliberately create rigid rules. First, the paper takes each pixel of the image as a Brownian particle, using the Monte Carlo method to simulate a Brownian motion, thus effectively scrambling the image. Then we diffuse the image with PWLCM chaotic system. To enhance the sensitivity of the key and the plaintext, we modified the initial value of PWLCM chaotic system. Experimental results and security analysis show that our method has good performance and can be used in image encryption and transmission.
TL;DR: This paper presents a single round permutation–diffusion chaotic cipher for gray image, in which some temp-value feedback mechanisms are introduced to resist the known attacks.
TL;DR: The first formalization of the releasing unverified plaintext (RUP) setting was proposed in this paper, where a plaintext extractor mimicking the decryption oracle is used to fool adversaries without the secret key.
Abstract: Scenarios in which authenticated encryption schemes output decrypted plaintext before successful verification raise many security issues. These situations are sometimes unavoidable in practice, such as when devices have insufficient memory to store an entire plaintext, or when a decrypted plaintext needs early processing due to real-time requirements. We introduce the first formalization of the releasing unverified plaintext (RUP) setting. To achieve privacy, we propose using plaintext awareness (PA) along with IND-CPA. An authenticated encryption scheme is PA if it has a plaintext extractor, which tries to fool adversaries by mimicking the decryption oracle, without the secret key. Releasing unverified plaintext to the attacker then becomes harmless as it is infeasible to distinguish the decryption oracle from the plaintext extractor. We introduce two notions of plaintext awareness in the symmetric-key setting, PA1 and PA2, and show that they expose a new layer of security between IND-CPA and IND-CCA. To achieve integrity, INT-CTXT in the RUP setting is required, which we refer to as INT-RUP. These new security notions are compared with conventional definitions, and are used to make a classification of symmetric-key schemes in the RUP setting. Furthermore, we re-analyze existing authenticated encryption schemes, and provide solutions to fix insecure schemes.
TL;DR: An encryption algorithm which combines a DNA addition and a chaotic map to encrypt a gray scale image is cryptanalysed and shown to be non-invertible, which means that the receiver cannot decrypt the ciphered image even if he possesses the secret key.
Abstract: In this paper, we propose to cryptanalyse an encryption algorithm which combines a DNA addition and a chaotic map to encrypt a gray scale image. Our contribution consists of, at first, demonstrating that the algorithm, as it is described, is non-invertible, which means that the receiver cannot decrypt the ciphered image even if he possesses the secret key. Then, a chosen-plaintext attack on the invertible encryption block is described, where the attacker can illegally decrypt the ciphered image through temporary access to the encryption machinery.
TL;DR: A detailed survey on the state-of-the-art in scan-based side-channel attacks on symmetric and public-key cryptographic hardware implementations, both in the absence and presence of advanced DfT structures, such as test compression and X-masking, which may make the attack difficult.
Abstract: Cryptographic circuits need to be protected against side-channel attacks, which target their physical attributes while the cryptographic algorithm is in execution. There can be various side-channels, such as power, timing, electromagnetic radiation, fault response, and so on. One such important side-channel is the design-for-testability (DfT) infrastructure present for effective and timely testing of VLSI circuits. The attacker can extract secret information stored on the chip by scanning out test responses against some chosen plaintext inputs. The purpose of this paper is to first present a detailed survey on the state-of-the-art in scan-based side-channel attacks on symmetric and public-key cryptographic hardware implementations, both in the absence and presence of advanced DfT structures, such as test compression and X-masking, which may make the attack difficult. Then, the existing scan attack countermeasures are evaluated for determining their security against known scan attacks. In addition, JTAG vulnerability and security countermeasures are also analyzed as part of the external test interface. A comparative area-timing-security analysis of existing countermeasures at various abstraction levels is presented in order to help an embedded security designer make an informed choice for his intended application.
TL;DR: This study analyzes the security of an image encryption algorithm, whose main idea is to use the sum of image data for encryption, and shows that all the secret keys can be revealed.
Abstract: A chaos-based cryptosystem has exhibited some unconventionally excellent properties. At the same time, it is of vital significance for its advancement to give a mathematically rigorous cryptanalysis. In this study, we analyze the security of an image encryption algorithm, whose main idea is to use the sum of image data for encryption. By applying known plaintext and chosen plaintext attacks, we show that all the secret keys can be revealed.
TL;DR: This work introduces the first formalization of the releasing unverified plaintext (RUP) setting, and introduces two notions of plaintext awareness in the symmetric-key setting, PA1 and PA2, and shows that they expose a new layer of security between IND-CPA and IND-CCA.
Abstract: Scenarios in which authenticated encryption schemes output decrypted plaintext before successful verification raise many security issues. These situations are sometimes unavoidable in practice, such as when devices have insufficient memory to store an entire plaintext, or when a decrypted plaintext needs early processing due to real-time requirements. We introduce the first formalization of the releasing unverified plaintext (RUP) setting. To achieve privacy, we propose using plaintext awareness (PA) along with IND-CPA. An authenticated encryption scheme is PA if it has a plaintext extractor, which tries to fool adversaries by mimicking the decryption oracle without the secret key. Releasing unverified plaintext then becomes harmless as it is infeasible to distinguish the decryption oracle from the plaintext extractor. We introduce two notions of plaintext awareness in the symmetric-key setting, PA1 and PA2, and show that they expose a new layer of security between IND-CPA and IND-CCA. To achieve integrity of ciphertexts, INT-CTXT in the RUP setting is required, which we refer to as INT-RUP. These new security notions are used to make a classification of symmetric-key schemes in the RUP setting. Furthermore, we re-analyze existing authenticated encryption schemes, and provide solutions to fix insecure schemes.
TL;DR: This proposal not only extremely simplifies the encryption and decryption processes, but also facilitates the storage and transmission of the ciphertext, and its effectiveness and feasibility have been demonstrated by numerical simulations.
Abstract: In previous diffractive-imaging-based optical encryption schemes, it is impossible to totally retrieve the plaintext from a single diffraction pattern. In this paper, we propose a new method to achieve this goal. The encryption procedure can be completed with only one exposure, and the single diffraction pattern is recorded as the ciphertext. For recovering the plaintext, a novel median-filtering-based phase retrieval algorithm, including two iterative cycles, has been developed. This proposal not only extremely simplifies the encryption and decryption processes, but also facilitates the storage and transmission of the ciphertext, and its effectiveness and feasibility have been demonstrated by numerical simulations.
TL;DR: The construction is a mechanism for succinctly obfuscating “iterated circuits”, namely circuits that run in iterations, and where the output of an iteration is used as input to the next, and gives the first succinct and efficient one-time garbled RAM scheme.
Abstract: A key source of inefficiency in existing obfuscation schemes is that they operate on programs represented as Boolean circuits or (with stronger assumptions and costlier constructs) as Turing machines. We bring the complexity of obfuscation down to the level of RAM programs. That is, assuming injective one way functions and indistinguishability obfuscators for all circuits, we construct indistinguishability obfuscators for RAM programs with the following parameters, up to polylogarithmic factors and a multiplicative factor in the security parameter: (a) The space used by the obfuscated program, as well as the initial size of the program itself, are proportional to the maximum space s used by the plaintext program on any input of the given size. (b) On each input, the runtime of the obfuscated program is proportional to s plus the runtime of the plaintext program on that input. The security loss is proportional to the number of potential inputs for the RAM program. Our construction can be plugged into practically any existing use of indistinguishability obfuscation, such as delegation of computation, functional encryption, non-interactive zero-knowledge, and multiparty computation protocols, resulting in significant efficiency gains. It also gives the first succinct and efficient one-time garbled RAM scheme. The size of the garbled RAM is proportional to the maximum space s used by the RAM machine, and its evaluation time is proportional to the running time of the RAM machine on plaintext inputs. At the heart of our construction is a mechanism for succinctly obfuscating "iterated circuits", namely circuits that run in iterations, and where the output of an iteration is used as input to the next.
As contributions of independent interest, we also introduce (a) a new cryptographic tool called Asymmetrically Constrained Encapsulation (ACE), that allows us to succinctly and asymmetrically puncture both the encapsulation and decapsulation keys; and (b) a new program analysis tool called Inductive Properties (IP), that allows us to argue about computations that are locally different, but yet globally the same.
Author affiliations: ∗ Tel Aviv University and Boston University. Email: canetti@tau.ac.il. Supported by the Check Point Institute for Information Security, ISF grant 1523/14, NSF MACS project, and an NSF Algorithmic foundations grant 1218461. † MIT. Email: holmgren@mit.edu. ‡ Johns Hopkins University. Email: abhishekjain.itbhu@gmail.com. § MIT. Email: vinodv@mit.edu. Research supported in part by DARPA Grant number FA875011-2-0225, an Alfred P. Sloan Research Fellowship, the Northrop Grumman Cybersecurity Research Consortium (CRC), Microsoft Faculty Fellowship, and a Steven and Renee Finn Career Development Chair from MIT.
TL;DR: A new robust and fast chaotic encryption algorithm, RFCA, which consists of a chaotic cipher composed of two perturbed piecewise linear chaotic maps, is presented; it is adequate for data encryption in ZigBee networks where robustness and real time are both essential.
Abstract: The security protocols used in ZigBee rely on an advanced encryption standard-counter mode (AES-CTR) algorithm to encrypt data before transmission. This algorithm is very robust, but it is time consuming. For some industrial and medical applications, it does not meet the real-time requirement. When the AES is used in counter mode (CTR), it becomes like a stream cipher that aims to generate pseudorandom bits; to encrypt data, these bits are combined with the plaintext using the XOR operation. New fast stream ciphers were proposed for the eStream project, but these ciphers have shown some weaknesses. On the other hand, ciphers based on chaotic functions seem to be more promising. Detailed analyses have shown that chaotic functions have very good cryptographic properties and can be used to construct high speed and strong stream ciphers. In this paper, a new robust and fast chaotic encryption algorithm, RFCA, is presented. It consists of a chaotic cipher composed of two perturbed piecewise linear chaotic maps. This algorithm is, in particular, adequate for data encryption in ZigBee networks where robustness and real time are both essential. A comparison between our algorithm (RFCA) and the AES-CTR, the simplified AES, and the eStream finalist candidates is presented with regard to speed and robustness. This is done using correlation coefficients, unified average changing intensity, number of pixels change rate, and a test of randomness for the generated bit sequences using the National Institute of Standards and Technology statistical test suite.
TL;DR: A novel and efficient image encryption algorithm based on chaos and multiple S-boxes is proposed in this paper, in which a set of S-boxes is initially constructed using a chaotic system, and each of the S-boxes is considered as a circular sequence with a head pointer.
Abstract: A novel and efficient image encryption algorithm based on chaos and multiple S-boxes is proposed in this paper, in which a set of S-boxes is initially constructed using a chaotic system, and each of the S-boxes is considered as a circular sequence with a head pointer. For each image pixel, an S-box is chosen from the set of S-boxes and used to substitute for the plain pixel to get a cipher pixel, and then the chosen S-box is updated by moving its head pointer forward according to the cipher pixel and a random number. In order to increase the plaintext sensitivity of encryption, the substitution processes are performed in forward direction and backward direction, respectively. This scheme not only offers the high security by employing two directional substitutions and using the different S-boxes for each pixel but also achieves high encryption speed by constructing only a few S-boxes and updating the S-box dynamically and easily. The performance of the proposed algorithm is evaluated using a variety of analysis. Experimental results show that the proposed image encryption algorithm is secure and efficient.
TL;DR: Experimental results show that a speed improvement factor of up to 44 is achievable for the hardware implementation of the FHE encryption scheme when compared to its corresponding software implementation, and performance analysis shows further speed improvements of the integer-based FHE encryption primitives may still be possible.
Abstract: A fully homomorphic encryption (FHE) scheme is envisioned as a key cryptographic tool in building a secure and reliable cloud computing environment, as it allows arbitrary evaluation of a ciphertext without revealing the plaintext. However, existing FHE implementations remain impractical due to very high time and resource costs. To the authors’ knowledge, this paper presents the first hardware implementation of a full encryption primitive for FHE over the integers using FPGA technology. A large-integer multiplier architecture utilising Integer-FFT multiplication is proposed, and a large-integer Barrett modular reduction module is designed incorporating the proposed multiplier. The encryption primitive used in the integer-based FHE scheme is designed employing the proposed multiplier and modular reduction modules. The designs are verified using the Xilinx Virtex-7 FPGA platform. Experimental results show that a speed improvement factor of up to 44 is achievable for the hardware implementation of the FHE encryption scheme when compared to its corresponding software implementation. Moreover, performance analysis shows further speed improvements of the integer-based FHE encryption primitives may still be possible, for example through further optimisations or by targeting an ASIC platform.
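Barrett modular reduction, the reduction step the FPGA design builds from its large-integer multiplier, driving a toy DGHV-style "FHE over the integers" encryption primitive, as an added example. The code is not the authors' design and the parameters are far too small to be secure; it follows the textbook structure (secret odd `p`, public elements `x_i = p*q_i + 2*r_i`, encryption as a masked subset sum reduced modulo `x_0`, decryption as `(c mod p) mod 2`) and takes `x_0 = p*q_0` noise-free, the variant that keeps reductions modulo `x_0` from adding noise; the class and function names are this example's own.

```python
"""Added example: Barrett reduction inside a toy integer-FHE encryption primitive.
Illustrative only: insecure parameters, textbook DGHV structure, not the paper's design."""
import random
from typing import List, Optional


def barrett_reduce(x: int, m: int, mu: Optional[int] = None) -> int:
    """x mod m for 0 <= x < 2**(2k), k = m.bit_length(), using only multiplications, shifts
    and at most two subtractions (HAC Algorithm 14.42 with radix 2).  mu = floor(2**(2k) / m)
    depends only on m and is precomputed once; the hardware design spends its effort on the
    two large multiplications this loop-free structure needs."""
    k = m.bit_length()
    if not 0 <= x < (1 << (2 * k)):
        raise ValueError("Barrett precondition violated: need 0 <= x < 2^(2k)")
    if mu is None:
        mu = (1 << (2 * k)) // m
    q = ((x >> (k - 1)) * mu) >> (k + 1)   # quotient estimate, at most 2 below floor(x / m)
    r = x - q * m
    while r >= m:                          # at most two corrections
        r -= m
    return r


def barrett_self_check(trials: int = 50, seed: int = 5) -> bool:
    """Compare barrett_reduce against Python's % on random inputs within the precondition."""
    rng = random.Random(seed)
    for _ in range(trials):
        m = rng.getrandbits(200) | 1
        k = m.bit_length()
        x = rng.randrange(0, 1 << (2 * k))
        if barrett_reduce(x, m) != x % m or barrett_reduce((1 << (2 * k)) - 1, m) != ((1 << (2 * k)) - 1) % m:
            return False
    return True


class ToyIntegerFHE:
    """Secret odd p; x_0 = p*q_0 (odd, noise-free); public x_i = p*q_i + 2*r_i.
    Enc(m) = [m + 2r + 2*sum(x_i for i in S)] mod x_0;  Dec(c) = (c mod p) mod 2 with a
    centered 'mod p' so that signed noise is read back correctly.  Addition of ciphertexts is
    XOR of bits, multiplication is AND; noise grows multiplicatively, so with 64-bit p and
    4-bit noise two multiplication levels still decrypt correctly (no bootstrapping here)."""

    def __init__(self, p_bits: int = 64, q_bits: int = 128, noise_bits: int = 4, tau: int = 8, seed: int = 1):
        self.rng = random.Random(seed)                                 # fixed seed: reproducible toy
        self.p = self.rng.getrandbits(p_bits) | (1 << (p_bits - 1)) | 1
        q0 = self.rng.getrandbits(q_bits) | (1 << (q_bits - 1)) | 1     # odd, so x0 is odd
        self.x0 = self.p * q0
        self.pk: List[int] = [self.p * self.rng.randrange(1, q0) + 2 * self.rng.getrandbits(noise_bits)
                              for _ in range(tau)]
        self.noise_bits = noise_bits
        self.mu = (1 << (2 * self.x0.bit_length())) // self.x0         # Barrett constant for x0

    def _reduce(self, x: int) -> int:
        return barrett_reduce(x, self.x0, self.mu)

    def encrypt(self, m: int) -> int:
        subset = [x for x in self.pk if self.rng.getrandbits(1)]
        r = self.rng.getrandbits(self.noise_bits)
        return self._reduce(m + 2 * r + 2 * sum(subset))              # sum < tau*x0 < x0^2: precondition holds

    def decrypt(self, c: int) -> int:
        z = c % self.p
        if z > self.p // 2:
            z -= self.p
        return z % 2

    def add(self, c1: int, c2: int) -> int:
        return self._reduce(c1 + c2)

    def mul(self, c1: int, c2: int) -> int:
        return self._reduce(c1 * c2)                                   # c1*c2 < x0^2: precondition holds


def homomorphic_and_xor(fhe: ToyIntegerFHE, a: int, b: int, c: int) -> int:
    """Evaluate (a AND b) XOR c on ciphertexts only, then decrypt the result."""
    ca, cb, cc = fhe.encrypt(a), fhe.encrypt(b), fhe.encrypt(c)
    return fhe.decrypt(fhe.add(fhe.mul(ca, cb), cc))
```

The precondition check in `barrett_reduce` is the part a hardware designer must enforce structurally: the estimate is only guaranteed within two subtractions of the true remainder when the operand is below 2^(2k), which is exactly why the encryption and multiplication paths above are arranged so that every operand fed to the reducer is below x_0 squared.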
TL;DR: This paper uses the secure k-nearest neighbor technique to propose a dynamic searchable symmetric encryption scheme that achieves two important security features, forward privacy and backward privacy, which are very challenging in the Dynamic Searchable Symmetric Encryption (DSSE) area.
Abstract: With the development of cloud computing, data sharing has gained a new and effective method: outsourcing the data to a cloud platform. Since the outsourced data may contain private information, they must be accessible only to authorized users. Encrypting the data before outsourcing is a commonly used approach, in which the data owner only needs to send the corresponding encryption key to the authorized users. However, in such an approach the data are difficult to use, since encryption removes the comprehensive search functionality of plaintext keyword search. In this paper, we leverage the secure k-nearest neighbor technique to propose a secure dynamic searchable symmetric encryption scheme. Our scheme achieves two important security features, forward privacy and backward privacy, which are very challenging in the Dynamic Searchable Symmetric Encryption (DSSE) area. In addition, we evaluate the performance of our proposed scheme against other DSSE schemes. The comparison results demonstrate the efficiency of our proposed scheme in terms of storage, search and update complexity.
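The secure k-nearest-neighbor inner-product technique the abstract builds on, applied to keyword matching over an encrypted index, as an added example. With a secret invertible matrix M, an index vector p is stored as M^T p and a query vector q is sent as M^{-1} q, so the server computes (M^T p) . (M^{-1} q) = p . q without seeing p or q. This is a generic illustration, not the authors' DSSE scheme; the corpus, dictionary and all function names are constructed for this example, and exact rational arithmetic is used so the equality is visible without rounding.

```python
"""Added example: inner-product-preserving encryption (secure kNN / ASPE style) for ranked
keyword search over an encrypted index.  Not the paper's scheme."""
from fractions import Fraction
from typing import Dict, List, Sequence, Tuple
import random

Vector = List[Fraction]
Matrix = List[List[Fraction]]


def mat_inverse(m: Matrix) -> Matrix:
    """Gauss-Jordan inverse over the rationals; raises ValueError if m is singular."""
    n = len(m)
    a = [list(row) + [Fraction(int(i == j)) for j in range(n)] for i, row in enumerate(m)]
    for col in range(n):
        pivot = next((r for r in range(col, n) if a[r][col] != 0), None)
        if pivot is None:
            raise ValueError("singular matrix")
        a[col], a[pivot] = a[pivot], a[col]
        f = a[col][col]
        a[col] = [v / f for v in a[col]]
        for r in range(n):
            if r != col and a[r][col] != 0:
                g = a[r][col]
                a[r] = [rv - g * cv for rv, cv in zip(a[r], a[col])]
    return [row[n:] for row in a]


def transpose(m: Matrix) -> Matrix:
    return [list(col) for col in zip(*m)]


def mat_vec(m: Matrix, v: Sequence[Fraction]) -> Vector:
    return [sum(a * b for a, b in zip(row, v)) for row in m]


def dot(u: Sequence[Fraction], v: Sequence[Fraction]) -> Fraction:
    return sum(a * b for a, b in zip(u, v))


def keygen(dim: int, rng: random.Random) -> Tuple[Matrix, Matrix]:
    """Secret key: a random invertible dim x dim matrix M and its inverse (data owner only)."""
    while True:
        m = [[Fraction(rng.randint(-9, 9)) for _ in range(dim)] for _ in range(dim)]
        try:
            return m, mat_inverse(m)
        except ValueError:
            continue


def encrypt_index(m: Matrix, p: Sequence[int]) -> Vector:
    """Owner side: keyword bit-vector p -> M^T p, stored at the server."""
    return mat_vec(transpose(m), [Fraction(x) for x in p])


def trapdoor(m_inv: Matrix, q: Sequence[int]) -> Vector:
    """User side: query bit-vector q -> M^-1 q, sent to the server as the trapdoor."""
    return mat_vec(m_inv, [Fraction(x) for x in q])


def ranked_search(enc_index: Dict[str, Vector], td: Vector) -> List[Tuple[str, int]]:
    """Server side: rank documents by inner product of encrypted index and trapdoor; the score
    equals the number of query keywords each document contains (coordinate matching)."""
    scores = [(doc, int(dot(vec, td))) for doc, vec in enc_index.items()]
    return sorted(scores, key=lambda s: (-s[1], s[0]))


def inner_product_check(p: Sequence[int], q: Sequence[int], seed: int = 3) -> Tuple[int, int]:
    """Return (score computed from the encrypted vectors, plaintext dot product)."""
    m, m_inv = keygen(len(p), random.Random(seed))
    return int(dot(encrypt_index(m, p), trapdoor(m_inv, q))), sum(a * b for a, b in zip(p, q))


def build_example(seed: int = 7) -> List[Tuple[str, int]]:
    """Constructed sample corpus and the full owner / server / user flow."""
    dictionary = ["cloud", "encryption", "search", "forward", "backward", "privacy"]
    docs = {"doc1": {"cloud", "encryption", "search"},
            "doc2": {"forward", "backward", "privacy", "search"},
            "doc3": {"cloud", "privacy"}}
    m, m_inv = keygen(len(dictionary), random.Random(seed))
    enc_index = {d: encrypt_index(m, [int(w in kws) for w in dictionary]) for d, kws in docs.items()}
    td = trapdoor(m_inv, [int(w in {"search", "privacy"}) for w in dictionary])
    return ranked_search(enc_index, td)
```

Two caveats a practitioner should keep in mind. First, M^T p is a linear image of p, so a server that learns enough (p, M^T p) pairs can solve for M by linear algebra; deployed schemes in this family therefore split vectors randomly and add dummy dimensions, which this example omits. Second, forward and backward privacy concern what the server learns across updates (whether a new document can be linked to earlier queries, and whether deleted documents keep leaking), and none of that is addressed by the inner-product arithmetic alone; it comes from how the index is re-keyed and updated.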
TL;DR: In this paper, the authors propose a ciphertext cloud storage method for a system composed of at least one client terminal and a cloud terminal server, which comprises the steps that (1) a user adopts a ciphertext and/or a plaintext to conduct data synchronism on the client terminal in the process of data storage and selects an encryption algorithm for the ciphertext; (2) authentication parameters provided based on the identity of the user are used for generating a master key, synchronous data of the ciphertext are encrypted on the client terminal through two-level keys comprising the master key and an encryption and
Abstract: The invention relates to a ciphertext cloud storage method and system. In a ciphertext cloud storage system composed of at least one client terminal and a cloud terminal server, the ciphertext cloud storage method comprises the steps that (1) a user adopts a ciphertext and/or a plaintext to conduct data synchronism on the client terminal in the process of data storage and selects an encryption algorithm for the ciphertext; (2) authentication parameters provided based on the identity of the user are used for generating a master key, synchronous data of the ciphertext are encrypted on the client terminal through two-level keys comprising the master key and an encryption and decryption key, and the master key is backed up; (3) the ciphertext and a ciphertext index are synchronized between the client terminal and the cloud terminal, or a plaintext index is established after synchronous data of the plaintext are synchronized between the cloud terminal and the client terminal; (4) the plaintext and/or ciphertext is/are stored in a local private cloud storage server or in a storage server of a cloud storage provider according to a mount point requested by the user. With the ciphertext cloud storage method and system, the data are not lost when the terminal is lost; if protection is inadequate, only the ciphertext form of a file is exposed; and the ciphertext cloud storage system can interoperate with multiple cloud storage providers.
TL;DR: The novel notion of Verifiable Delegated Set Intersection on outsourced encrypted data (VDSI) is introduced, which is to delegate the set intersection operation to the cloud, while (i) not giving the decryption capability to the cloud, and (ii) being able to hold a misbehaving cloud accountable.
Abstract: We initiate the study of the following problem: Suppose Alice and Bob would like to outsource their encrypted private data sets to the cloud, and they also want to conduct the set intersection operation on their plaintext data sets. The straightforward solution for them is to download their outsourced ciphertexts, decrypt the ciphertexts locally, and then execute a commodity two-party set intersection protocol. Unfortunately, this solution is not practical. We therefore motivate and introduce the novel notion of Verifiable Delegated Set Intersection on outsourced encrypted data (VDSI). The basic idea is to delegate the set intersection operation to the cloud, while (i) not giving the decryption capability to the cloud, and (ii) being able to hold a misbehaving cloud accountable. We formalize the security properties of VDSI and present a construction. In our solution, the computational and communication costs on the users are linear in the size of the intersection set, meaning that the efficiency is optimal up to a constant factor.
TL;DR: In this article, an analysis of the RC4 algorithm as it is used in the IEEE WPA/TKIP wireless standard is conducted, and it is shown that there are very large, TSC-dependent biases in the RC4 keystream when the algorithm is keyed according to the WPA specification.
Abstract: We conduct an analysis of the RC4 algorithm as it is used in the IEEE WPA/TKIP wireless standard. In that standard, RC4 keys are computed on a per-frame basis, with specific key bytes being set to known values that depend on 2 bytes of the WPA frame counter (called the TSC). We observe very large, TSC-dependent biases in the RC4 keystream when the algorithm is keyed according to the WPA specification. These biases permit us to mount an effective statistical, plaintext-recovering attack in the situation where the same plaintext is encrypted in many different frames (the so-called “broadcast attack” setting). We assess the practical impact of these attacks on WPA/TKIP.
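The "broadcast attack" setting from the abstract, simulated, as an added example (not code from the paper). RC4 is implemented from the specification; per-frame keys follow the TKIP layout, whose first three bytes come from the low 16 bits of the frame counter (`key[0] = TSC1`, `key[1] = (TSC1 | 0x20) & 0x7F`, `key[2] = TSC0`), with the remaining 13 bytes, which TKIP derives by its key-mixing function, replaced here by random bytes (an assumption of this example). The recovery step uses the classic Mantin-Shamir bias Pr[Z_2 = 0] of about 1/128 in the second keystream byte, which is enough to show how repeated plaintext plus a keystream bias leaks plaintext; the paper's attack exploits the much larger TSC-dependent biases it discovered, which this example does not reproduce.

```python
"""Added example: RC4 under TKIP-style per-frame keys and a statistical broadcast-attack
recovery of a repeated plaintext byte.  Constructed data; not the paper's code."""
import random
from typing import List


def rc4_keystream(key: bytes, n: int) -> bytes:
    """Standard RC4: key-scheduling algorithm (KSA) followed by n bytes of PRGA output."""
    s = list(range(256))
    j = 0
    klen = len(key)
    for i in range(256):
        j = (j + s[i] + key[i % klen]) & 0xFF
        s[i], s[j] = s[j], s[i]
    out = bytearray()
    i = j = 0
    for _ in range(n):
        i = (i + 1) & 0xFF
        j = (j + s[i]) & 0xFF
        s[i], s[j] = s[j], s[i]
        out.append(s[(s[i] + s[j]) & 0xFF])
    return bytes(out)


def tkip_rc4_key(tsc: int, ppk: bytes) -> bytes:
    """Per-frame RC4 key as laid out by TKIP: a 3-byte IV built from the low 16 bits of the
    TSC (the middle byte is forced into a shape that avoids the WEP weak-IV classes),
    followed by the 13-byte per-packet key.  ppk is random here (see lead-in)."""
    if len(ppk) != 13:
        raise ValueError("TKIP per-packet key is 13 bytes")
    tsc0, tsc1 = tsc & 0xFF, (tsc >> 8) & 0xFF
    return bytes([tsc1, (tsc1 | 0x20) & 0x7F, tsc0]) + ppk


def broadcast_ciphertexts(plaintext: bytes, frames: int, seed: int = 2024) -> List[bytes]:
    """Constructed victim: the same plaintext sent in `frames` frames with increasing TSC."""
    rng = random.Random(seed)
    cts = []
    for tsc in range(frames):
        key = tkip_rc4_key(tsc, rng.getrandbits(104).to_bytes(13, "big"))
        ks = rc4_keystream(key, len(plaintext))
        cts.append(bytes(p ^ k for p, k in zip(plaintext, ks)))
    return cts


def recover_byte(ciphertexts: List[bytes], position: int) -> int:
    """Attacker: at a position where the keystream byte is biased towards 0, the most frequent
    ciphertext value is the plaintext byte itself (C = P XOR Z, and Z = 0 is the likeliest Z).
    position is 0-based, so position 1 is the Mantin-Shamir byte Z_2."""
    counts = [0] * 256
    for ct in ciphertexts:
        counts[ct[position]] += 1
    return max(range(256), key=lambda b: counts[b])


if __name__ == "__main__":
    llc_snap = bytes.fromhex("aaaa030000000800")     # constructed: typical LLC/SNAP header at the start of a frame
    cts = broadcast_ciphertexts(llc_snap, 12000)
    print("recovered byte 1: 0x%02x (actual 0x%02x)" % (recover_byte(cts, 1), llc_snap[1]))
```

The count of frames needed is set by the size of the bias: a 1/128-versus-1/256 gap needs on the order of ten thousand frames before the right value stands out of the noise at one position, which is why biases an order of magnitude larger, as the paper reports for the TKIP key structure, change the practical picture so much. Note also that the attack never touches the key mixing; it only needs many encryptions of the same plaintext, which broadcast and multicast traffic supplies.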
TL;DR: Making use of some properties of the CRT, the equivalent secret key of CECRT can be recovered efficiently; the required number of chosen plaintext/ciphertext pairs is only 1 + ⌈(log₂ L)/l⌉ and the attack complexity is only O(L).
Abstract: As a fundamental theorem in number theory, the Chinese Remainder Theorem (CRT) is widely used to construct cryptographic primitives. This paper investigates the security of a class of image encryption schemes based on the CRT, referred to as CECRT. Making use of some properties of the CRT, the equivalent secret key of CECRT can be recovered efficiently. The required number of pairs of chosen plaintext and corresponding ciphertext is only 1 + ⌈(log₂ L)/l⌉ and the attack complexity is only O(L), where L is the plaintext length and l is the number of bits representing a plaintext symbol. In addition, other defects of CECRT, such as an invalid compression function and low sensitivity to plaintext, are reported. The work in this paper will help clarify the positive role of the CRT in cryptology.
TL;DR: A novel method for image encryption employing the diffraction imaging technique is proposed, which is in principle suitable for most diffractive-imaging-based optical encryption schemes; a typical diffractive imaging architecture using three random phase masks in the Fresnel domain is taken as an example.
Abstract: In this paper, we propose a novel method for image encryption employing the diffraction imaging technique. This method is in principle suitable for most diffractive-imaging-based optical encryption schemes, and a typical diffractive imaging architecture using three random phase masks in the Fresnel domain is taken as an example to illustrate it. The encryption process is rather simple because only a single diffraction intensity pattern needs to be recorded, and the decryption procedure is correspondingly simplified. To achieve this, redundant data are digitally appended to the primary image before a standard encryption procedure. The redundant data serve as a partial input-plane support constraint in a phase retrieval algorithm, which is employed to completely retrieve the plaintext. Simulation results are presented to verify the validity of the proposed approach.
TL;DR: With the key-homomorphic property, the FHE scheme is extended to a threshold fully homomorphic encryption (TFHE), which allows parties to cooperatively decrypt a ciphertext without learning anything but the plaintext.
TL;DR: The authors formalize self-destruct CCA security (SD-CCA), CCA security with the restriction that the decryption oracle stops working once the attacker submits an invalid ciphertext, and show that applying a continuously non-malleable code (the code of Dziembowski et al. is proved to be one) to the plaintext and encrypting the codeword bit-by-bit with single-bit CCA-secure PKE yields SD-CCA-secure multi-bit PKE.
Abstract: One approach towards basing public-key encryption (PKE) schemes on weak and credible assumptions is to build "stronger" or more general schemes generically from "weaker" or more restricted ones. One particular line of work in this context was initiated by Myers and shelat (FOCS '09) and continued by Hohenberger, Lewko, and Waters (Eurocrypt '12), who provide constructions of multi-bit CCA-secure PKE from single-bit CCA-secure PKE. It is well-known that encrypting each bit of a plaintext string independently is not CCA-secure: the resulting scheme is malleable. We therefore investigate whether this malleability can be dealt with using the conceptually simple approach of applying a suitable non-malleable code (Dziembowski et al., ICS '10) to the plaintext and subsequently encrypting the resulting codeword bit-by-bit. We find that an attacker's ability to ask multiple decryption queries requires that the underlying code be continuously non-malleable (Faust et al., TCC '14). Since, as we show, this flavor of non-malleability can only be achieved if the code is allowed to "self-destruct," the resulting scheme inherits this property and therefore only achieves a weaker variant of CCA security. We formalize this new notion of so-called self-destruct CCA security (SD-CCA) as CCA security with the restriction that the decryption oracle stops working once the attacker submits an invalid ciphertext. We first show that the above approach based on non-malleable codes yields a solution to the problem of domain extension for SD-CCA-secure PKE, provided that the underlying code is continuously non-malleable against a reduced form of bit-wise tampering. Then, we prove that the code of Dziembowski et al. is actually already continuously non-malleable against (even full) bit-wise tampering; this constitutes the first information-theoretically secure continuously non-malleable code, a technical contribution that we believe is of independent interest. Compared to the previous approaches to PKE domain extension, our scheme is more efficient and intuitive, at the cost of not achieving full CCA security. Our result is also one of the first applications of non-malleable codes in a context other than memory tampering. Work done while the author was at ETH Zurich.
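The starting point of the abstract, that encrypting a plaintext bit-by-bit is malleable, together with the self-destruct decryption oracle it defines, as an added example that is not code from the paper. The single-bit encryption used here is a stand-in (a keyed PRF output under a fresh random nonce), not a public-key scheme: the attack relies only on every bit being encrypted independently, so it applies unchanged to any per-bit scheme, single-bit CCA-secure PKE included. The oracle model and all names are assumptions of this example.

```python
"""Added example: bit-by-bit encryption is malleable, and a self-destruct oracle alone does
not stop the attack because the tampered ciphertext is still valid."""
import hashlib
import hmac
import secrets
from typing import List, Optional, Tuple

BitCiphertext = Tuple[bytes, int]           # (nonce, masked bit)


class BitScheme:
    """Stand-in single-bit encryption: Enc(b) = (n, b XOR (PRF_k(n)[0] & 1)) with a fresh 16-byte nonce."""

    def __init__(self, key: Optional[bytes] = None):
        self.key = key or secrets.token_bytes(32)

    def _pad(self, nonce: bytes) -> int:
        return hmac.new(self.key, nonce, hashlib.sha256).digest()[0] & 1

    def enc_bit(self, b: int) -> BitCiphertext:
        n = secrets.token_bytes(16)
        return n, b ^ self._pad(n)

    def dec_bit(self, c: BitCiphertext) -> int:
        n, masked = c
        return masked ^ self._pad(n)

    def encrypt(self, bits: List[int]) -> List[BitCiphertext]:
        return [self.enc_bit(b) for b in bits]              # each bit independently

    def decrypt(self, cts: List[BitCiphertext]) -> List[int]:
        return [self.dec_bit(c) for c in cts]


class SelfDestructOracle:
    """SD-CCA decryption oracle: refuses the challenge ciphertext itself, and stops answering
    for good once a query is rejected as invalid.  Validity here only requires a well-formed
    list of (16-byte nonce, bit) pairs, so any reordering of the challenge is still valid."""

    def __init__(self, scheme: BitScheme, challenge: List[BitCiphertext]):
        self.scheme, self.challenge, self.dead = scheme, challenge, False

    def query(self, cts: List[BitCiphertext]) -> Optional[List[int]]:
        if self.dead or cts == self.challenge:
            return None
        if any(len(n) != 16 or b not in (0, 1) for n, b in cts):
            self.dead = True                                 # self-destruct on the first invalid query
            return None
        return self.scheme.decrypt(cts)


def malleability_attack(oracle: SelfDestructOracle, challenge: List[BitCiphertext]) -> List[int]:
    """Reorder the per-bit ciphertexts (here: reverse them).  The result is a different but
    valid ciphertext, of the reversed message; the oracle decrypts it and reversing the answer
    gives the challenge plaintext.  No invalid ciphertext is ever submitted, so the
    self-destruct rule never fires: the defence has to come from the plaintext encoding,
    which is what a non-malleable code supplies (a tampered codeword decodes to invalid)."""
    answer = oracle.query(list(reversed(challenge)))
    return list(reversed(answer)) if answer is not None else []


def run_attack(bits: List[int]) -> Tuple[List[int], bool]:
    """Encrypt `bits` as the challenge, run the attack, report (recovered bits, oracle dead?)."""
    scheme = BitScheme()
    challenge = scheme.encrypt(bits)
    oracle = SelfDestructOracle(scheme, challenge)
    return malleability_attack(oracle, challenge), oracle.dead
```

Reversal is only the simplest tampering function; any permutation, or re-encrypting a known bit into a chosen position, works the same way, and that is exactly the "bit-wise tampering" class the abstract says the code must resist. A one-bit challenge is the degenerate case where reversing returns the challenge itself and the oracle refuses, which is why the example uses a multi-bit message.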